2Q.docx2.1 Assignment: Devotional
1. Be sure to address to the following prompts in your paper:
a. Considering your religious/cultural background, what do you see as God’s role in our security efforts?
b. What does the Bible say we need to do for God’s blessing?
c. How would you apply the principles of these verses in your workplace?
2. Your paper should be at least 250 words in length.
2.2 Discussion: Textbook Reading
Resources
· Textbook: Principles of Computer Security: CompTIA Security and Beyond
1. Read Chapters 5–8 in your textbook.
2. Using the discussion link below, respond to the following questions:
a. What was the most useful takeaway for you from this workshop’s reading?
b. What concept from the reading is the most applicable to you now in your profession, and how might you implement it?
2.3 Discussion: Cryptographic Functions
1. Using the discussion link below, respond to the following prompts and questions:
a. Classify the types of cryptographic methods that are currently in use and describe their functionality.
b. What function does PKI play in secure transactions? Discuss any issues with the use of PKI.
c. Discuss why physical security is important. Select several physical security measures and provide reasoning for their implementation.
2. Your initial post should be at least 300 words and supported with at least three references.
2.4 Assignment: Threat Analysis (Phase 1 of Final Project)
1. Phase 1 of Final Project: Develop a comprehensive analysis that identifies threats and vulnerabilities to the information systems infrastructure and organizational data.
2. You may use a fictitious company, one that you researched on the Internet, or your own workplace (although you should use an alias for the company name).
3. Conduct Internet research for formats that are used for a threat analysis.
a. Include a short executive summary for this assignment, although you will need to revise this summary for the final paper.
b. The threat analysis should be approximately 4 to 5 pages in length, in APA format, and double-spaced for the narrative.
c. You may use tables or other graphic representations.
d. The paper should include references to any material used in preparing the paper. References are to be cited within your paper as well as on the Reference page using APA format.
e. You should use online resources to develop your plans; just make sure to cite these sources. All written work should be your own.
f. Consider using Grammarly before you submit your paper. Grammarly checks grammar, provides suggestions for corrections, and reviews references.
1.4 Discussion: Understanding the Cybersecurity Landscape
1. Conduct a critical analysis of two of your classmates’ posts by the last day of the workshop.
2. Each response to your classmates should be at least 150 words in length and include a citation to one credible information source.
Peer Review 1:
Some big security incidents are listed below with number of user/accounts affected.
Yahoo in 2013 – 3 billion accounts were hacked.
First American Corporation in 2019 - 885,000,000
Facebook in 2019 - 540,000,000
Marriott International in 2018 - 500,000,000
Yahoo in 2014 - 500,000,000
Friend Finder Networks in 2016 - 412,214,295
Exactis in 2018 - 340,000,000
Airtel in 2019 - 320,000,000
Truecaller in 2019 - 299,055,000
MongoDB in 2019 - 275,000,000
Wattpad in 2020 - 270,000,000
Facebook in 2019 - 267,000,000
Microsoft in 2019 - 250,000,000
MongoDB in 2019 - 202,000,000
Instagram in 2020 - 200,000,000
PIXLR data breach: It’s an online photo editor website and it was hacked recently. all the user details/data were stolen. Even the password was also hacked, and the document of the user was made available to the hackers. According to the company, the hackers made off with data from nearly two million PIXLR users. The hackers have been identified as the group that goes by the name of “ShinyHunters,” who are well known for stealing databases from high profile companies and selling stolen databases on the Dark Web.
The main reason behind such incidents is digital vulnerability like compromised access control system, authentication system, vulnerability detection system. The hackers go undetected because of any of these weaknesses.
Lack of security measures is the main cause behind such incidents. The organization uses many types of security systems but if they are not efficient then such incidents are bound to happen. The absence of skilled workers is also the reason behind such incidents
• Weak access control
• The compromised vulnerability detection system
• Lack of an efficient authentication system
• Gaining physical access
• Insecure storage or disposal of high value information
The short-term impact by this breach was this will create instability in the organization. The organization focus shifted from service to threat elimination. Since a large number of users got affected so company’s first priority was to fix and retrieve all the data first. The user passwords were also hacked which made edited documents accessible to the attackers
In the long term affect this panic resulted in the reduction of the user base of the PIXLR for that matter. Because lots of customers lose confidence over that website and it take time to regain their confidence.
These attacks are caused to threaten the personal information of the user. And make the system work abnormally. All these attacks are not similar to each other they are caused by different techniques. And their techniques are so sharp that you don't even know that you are becoming a cyberattack victim. So, it is important to get the relevant measures to avoid it in advance like,
• Strong Passwords.
• Setting Strong Security Policies.
• Keep Software updated.
• Aware your employees and knowns about cyber-attacks.
• Providing a strong access control system
• The efficient vulnerability detection system
• Rapid mitigation system
All the mentioned parameters are important for the security of any organization. There must be a regular control and update system to keep these security parameters updated. The implementation of these parameters decides the applicability of such measures. If implemented properly it will secure the system to the maximum extent. So, the focus must be on the successful implementation of these parameters to tackle security issues.
Employees must be given proper training to avoid any mistakes. Training upgrades the skill which is responsible for the efficient implementation of the process and measures. Organizations must train their employees, vendors and other stakeholders having access to any business data about the best practices to ensure data security. It can be as simple as having strong passwords to something complicated as educating about the phishing emails or malware, organizations will have to put effort into making their stakeholders understand and implement best practices. It is also important to note that data security awareness is not a one-time activity but should be a part of repetitive activities within the organization which are practiced and updated frequently.
References:
PIXLR Data Breach Information Leaked Online - Neoscope. (2021). Retrieved 1 June 2021, from https://www.neoscopeit.com/2021/02/pixlr-data-breach-information-leaked-online/.
Bonobos Suffers Huge Data Breach. (2021). Retrieved 1 June 2021, from https://risnews.com/bonobos-suffers-huge-data-breach
Peer Review 2:
More than 98.2 million individuals were impacted by the 10 biggest data breaches in the first half of 2021, with three of the 10 largest breaches occurring at technology companies. (Novinson, 2021)
10. 20/20 Eye Care Network Affected Users: 3.25 Million
9. DriveSure Affected Users: 3.28 Million
8. Volkswagen Group of America Affected Users: 3.3 Million
7. Accellion Affected Users: 3.46 Million
6. Florida Healthy Kids Corporation Affected Users: 3.5 Million
5. Infinity Insurance Company Affected Users: 5.72 Million
4. Jefit Affected Users: 9.05 Million
3. ClearVoiceResearch.com Affected Users: 15.7 Million
2. Park Mobile Affected Users: 21 Million
1. Astoria Company Affected Users: 30 Million
The main cause of these breaches is due to either a bug in the code which essentially is a mistake made by person while developing the code or the ability of person to crack a code. All in all, it comes down to whether a hacker can crack the code. For the defense, developers are supposed to make a code such that no person can breach it. So, at the end of the day, human factors control the breaching of data.
The short-term impact on these organizations due to data breach would be to allocate resources to find out the root-cause and contain the breach. For example, when referring to the 20/20 Eye Care company breach, the company got sued by a plaintiff. The plaintiff is ultimately accusing 20/20 of failing to have proper security, failing to disclose to patients their lack of security, failing to take steps to prevent breaches, and lastly failing to provide proper and timely notice of the breach. (Heebink, 2021) Longer term impact would lead to defamation which would further lead to loosing customers which would eventually mean suffering losses due to customers losing faith in the organization.
To mitigate such data breaches, I would have organizations set-up their set of rules which would ask employees to make sure their code follows a certain standard so that it is not breached. Each code should be reviewed by an elite level person who has exceptional knowledge of how a code works. That person would be able to determine if data breach is possible or not.
References:
Heebink, Kendall (2021). Eye Care Company Sued Following Data Breach. Retrieved from https://lawstreetmedia.com/health/eye-care-company-sued-following-data-breach/
Novinson, Michael (2021). The 10 Biggest Data Breaches of 2021 (So Far). Retrieved from https://www.crn.com/slide-shows/security/the-10-biggest-data-breaches-of-2021-so-far-/11
